Vulnerabilities > Dwbooster > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-24673 | Unspecified vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
| 2021-08-02 | CVE-2021-24498 | Unspecified vulnerability in Dwbooster Calendar Event Multi View The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. | 6.1 |
| 2019-08-22 | CVE-2017-18579 | Cross-site Scripting vulnerability in Dwbooster Corner AD The corner-ad plugin before 1.0.8 for WordPress has XSS. | 6.1 |
| 2019-07-11 | CVE-2019-13505 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking 1.1.44 The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | 6.1 |